Hello all, I have searched high and low on Google, and I am unable to find any direction as how to proceed to my problem. As always, any help is greatly appreciated.
I am running Lenya 2.0.4 within Tomcat 6.0.37 and Oracle JDK 1.7.0 51 on an Ubuntu Linux x64 - 12.04.4 LTS kernel 3.2.0-59-generic. I am trying to setup user LDAP authentication against Active Directory. Active Directory runs in a Windows 2008 Server in an internal network, and Lenya runs in a DMZ. LDAP is enabled within the access-control.xml file, and I have the ldap.properties file populated with the connection settings. Each time I attempt to add a LDAP user, I receive a message stating the connection has been reset. Connection reset stack trace: 2014-04-03 16:24:18,560 [TP-Processor6] ERROR lenya.admin - org.apache.lenya.ac.AccessControlException: Exception during search: org.apache.lenya.cms.usecase.UsecaseException: org.apache.lenya.ac.AccessControlException: Exception during search: at org.apache.lenya.cms.ac.usecases.AddUser.validate(AddUser.java:79) at org.apache.lenya.cms.ac.usecases.AddUser.doCheckExecutionConditions(AddUser.java:96) at org.apache.lenya.cms.usecase.AbstractUsecase.checkExecutionConditions(AbstractUsecase.java:235) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.avalon.excalibur.component.ComponentProxyGenerator$ComponentInvocationHandler.invoke(ComponentProxyGenerator.java:143) at com.sun.proxy.$Proxy53.checkExecutionConditions(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:145) at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:204) at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:3085) at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:2251) at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:161) at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:340) at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:2758) at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:159) at org.mozilla.javascript.Context.call(Context.java:489) at org.mozilla.javascript.ScriptableObject.callMethod(ScriptableObject.java:1556) at org.mozilla.javascript.ScriptableObject.callMethod(ScriptableObject.java:1526) at org.apache.cocoon.components.flow.javascript.fom.FOM_JavaScriptInterpreter.handleContinuation(FOM_JavaScriptInterpreter.java:842) at org.apache.cocoon.components.treeprocessor.sitemap.CallFunctionNode.invoke(CallFunctionNode.java:124) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47) at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:108) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69) at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:143) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69) at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:93) at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:235) at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:177) at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:254) at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:118) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47) at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:108) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69) at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:143) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69) at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:93) at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:235) at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:177) at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:254) at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:118) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47) at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:108) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69) at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:143) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69) at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:93) at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:235) at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:177) at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:254) at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:118) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47) at org.apache.cocoon.components.treeprocessor.sitemap.ActTypeNode.invoke(ActTypeNode.java:139) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47) at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:108) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69) at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:143) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69) at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:93) at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:235) at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:177) at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:254) at org.apache.cocoon.Cocoon.process(Cocoon.java:699) at org.apache.cocoon.servlet.CocoonServlet.service(CocoonServlet.java:1154) at javax.servlet.http.HttpServlet.service(HttpServlet.java:723) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:227) at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:347) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:311) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:776) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:705) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:744) Caused by: org.apache.lenya.ac.AccessControlException: Exception during search: at org.apache.lenya.ac.ldap.LDAPUser.existsUser(LDAPUser.java:156) at org.apache.lenya.cms.ac.usecases.AddUser.validate(AddUser.java:75) ... 86 more Caused by: javax.naming.CommunicationException: simple bind failed: 10.100.100.133:389 [Root exception is java.net.SocketException: Connection reset] at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) at javax.naming.InitialContext.init(InitialContext.java:242) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) at org.apache.lenya.ac.ldap.LDAPUser.bind(LDAPUser.java:364) at org.apache.lenya.ac.ldap.LDAPUser.getDirectoryEntry(LDAPUser.java:434) at org.apache.lenya.ac.ldap.LDAPUser.existsUser(LDAPUser.java:146) ... 87 more Caused by: java.net.SocketException: Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:196) at java.net.SocketInputStream.read(SocketInputStream.java:122) at sun.security.ssl.InputRecord.readFully(InputRecord.java:442) at sun.security.ssl.InputRecord.read(InputRecord.java:480) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:431) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:404) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:358) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:213) ... 100 more When I run Wireshark on the server running Active Directory, I can see the initial handshake. After the SYN exchange, when Lenya sends anACK packet, and then a PSH ACK packet immediately right after, Active Directory immediately responds with a RST, which is the cause of the exception. No LDAP connection properties are ever exchanged as the initial handshake can never be completed. I have another web application running on the same machine in the same Tomcat instancethat performs LDAP lookups against the same Active Directoryusingthe javax.naming library that is a part of the SDK. It does not have a problem connecting at all. Henceforth, there are no issues regarding the network, or the firewall that seperates the DMZ from the internal network. At this point, it is my feeling that Active Directory may be the culprit here. I know this may not be the fault of Lenya. I am just looking if anyone else has dealt with a similar problem, and the steps they took to resolve the issue. Thanks again, Ben --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
